bootutil: Use common type name for key exchange context

The commit uses typedef to define common name for key exchange
in order to reduce number of local definitions and #ifdef in code.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>

Author: de-nordic

boot/bootutil/include/bootutil/crypto/ecdh_p256.h

@@ -35,6 +35,7 @@ extern "C" {
 
 #if defined(MCUBOOT_USE_TINYCRYPT)
 typedef uintptr_t bootutil_ecdh_p256_context;
+typedef bootutil_ecdh_p256_context bootutil_key_exchange_ctx;
 static inline void bootutil_ecdh_p256_init(bootutil_ecdh_p256_context *ctx)
 {
     (void)ctx;
@@ -80,6 +81,7 @@ typedef struct bootutil_ecdh_p256_context {
     mbedtls_mpi z;
     mbedtls_mpi d;
 } bootutil_ecdh_p256_context;
+typedef bootutil_ecdh_p256_context bootutil_key_exchange_ctx;
 
 static inline void bootutil_ecdh_p256_init(bootutil_ecdh_p256_context *ctx)
 {

boot/bootutil/include/bootutil/crypto/ecdh_x25519.h

@@ -26,6 +26,7 @@ extern int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
                   const uint8_t peer_public_value[32]);
 
 typedef uintptr_t bootutil_ecdh_x25519_context;
+typedef bootutil_ecdh_x25519_context bootutil_key_exchange_ctx;
 static inline void bootutil_ecdh_x25519_init(bootutil_ecdh_x25519_context *ctx)
 {
     (void)ctx;

boot/bootutil/include/bootutil/crypto/rsa.h

@@ -68,6 +68,7 @@ extern "C" {
 typedef struct {
     psa_key_id_t key_id;
 } bootutil_rsa_context;
+typedef bootutil_rsa_context bootutil_key_exchange_ctx;
 
 static inline void bootutil_rsa_init(bootutil_rsa_context *ctx)
 {
@@ -176,6 +177,7 @@ static inline int bootutil_rsassa_pss_verify(const bootutil_rsa_context *ctx,
 #elif defined(MCUBOOT_USE_MBED_TLS)
 
 typedef mbedtls_rsa_context bootutil_rsa_context;
+typedef bootutil_rsa_context bootutil_key_exchange_ctx;
 
 static inline void bootutil_rsa_init(bootutil_rsa_context *ctx)
 {

boot/bootutil/src/encrypted.c

@@ -380,35 +380,26 @@ static int fake_rng(void *p_rng, unsigned char *output, size_t len)
 int
 boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
 {
-#if defined(MCUBOOT_ENCRYPT_RSA)
-    bootutil_rsa_context rsa;
-    uint8_t *cp;
-    uint8_t *cpend;
-    size_t olen;
-#endif
-
-    BOOT_LOG_DBG("boot_decrypt_key");
-#if defined(MCUBOOT_ENCRYPT_EC256)
-    bootutil_ecdh_p256_context ecdh_p256;
-#endif
-#if defined(MCUBOOT_ENCRYPT_X25519)
-    bootutil_ecdh_x25519_context ecdh_x25519;
-#endif
 #if defined(MCUBOOT_ENCRYPT_EC256) || defined(MCUBOOT_ENCRYPT_X25519)
     bootutil_hmac_sha256_context hmac;
     bootutil_aes_ctr_context aes_ctr;
     uint8_t tag[BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE];
     uint8_t shared[EC_SHARED_LEN];
     uint8_t derived_key[BOOT_ENC_KEY_SIZE + BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE];
-    uint8_t *cp;
-    uint8_t *cpend;
     uint8_t private_key[EC_PRIVK_LEN];
     uint8_t counter[BOOT_ENC_BLOCK_SIZE];
+#endif
+#if !defined(MCUBOOT_ENCRYPT_KW)
+    bootutil_key_exchange_ctx pk_ctx;
+    uint8_t *cp;
+    uint8_t *cpend;
     uint16_t len;
 #endif
     struct bootutil_key *bootutil_enc_key = NULL;
     int rc = -1;
 
+    BOOT_LOG_DBG("boot_decrypt_key");
+
     rc = boot_enc_retrieve_private_key(&bootutil_enc_key);
     if (rc) {
         return rc;
@@ -418,21 +409,23 @@ boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
         return rc;
     }
 
-#if defined(MCUBOOT_ENCRYPT_RSA)
-
-    bootutil_rsa_init(&rsa);
+#if !defined(MCUBOOT_ENCRYPT_KW)
     cp = (uint8_t *)bootutil_enc_key->key;
     cpend = cp + *bootutil_enc_key->len;
+#endif
+
+#if defined(MCUBOOT_ENCRYPT_RSA)
+    bootutil_rsa_init(&pk_ctx);
 
     /* The enckey is encrypted through RSA so for decryption we need the private key */
-    rc = bootutil_rsa_parse_private_key(&rsa, &cp, cpend);
+    rc = bootutil_rsa_parse_private_key(&pk_ctx, &cp, cpend);
     if (rc) {
-        bootutil_rsa_drop(&rsa);
+        bootutil_rsa_drop(&pk_ctx);
         return rc;
     }
 
-    rc = bootutil_rsa_oaep_decrypt(&rsa, &olen, buf, enckey, BOOT_ENC_KEY_SIZE);
-    bootutil_rsa_drop(&rsa);
+    rc = bootutil_rsa_oaep_decrypt(&pk_ctx, &len, buf, enckey, BOOT_ENC_KEY_SIZE);
+    bootutil_rsa_drop(&pk_ctx);
     if (rc) {
         return rc;
     }
@@ -447,10 +440,6 @@ boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
 #endif /* defined(MCUBOOT_ENCRYPT_KW) */
 
 #if defined(MCUBOOT_ENCRYPT_EC256)
-
-    cp = (uint8_t *)bootutil_enc_key->key;
-    cpend = cp + *bootutil_enc_key->len;
-
     /*
      * Load the stored EC256 decryption private key
      */
@@ -463,21 +452,17 @@ boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
     /*
      * First "element" in the TLV is the curve point (public key)
      */
-    bootutil_ecdh_p256_init(&ecdh_p256);
+    bootutil_ecdh_p256_init(&pk_ctx);
 
-    rc = bootutil_ecdh_p256_shared_secret(&ecdh_p256, &buf[EC_PUBK_INDEX], private_key, shared);
-    bootutil_ecdh_p256_drop(&ecdh_p256);
+    rc = bootutil_ecdh_p256_shared_secret(&pk_ctx, &buf[EC_PUBK_INDEX], private_key, shared);
+    bootutil_ecdh_p256_drop(&pk_ctx);
     if (rc != 0) {
         return -1;
     }
 
 #endif /* defined(MCUBOOT_ENCRYPT_EC256) */
 
 #if defined(MCUBOOT_ENCRYPT_X25519)
-
-    cp = (uint8_t *)bootutil_enc_key->key;
-    cpend = cp + *bootutil_enc_key->len;
-
     /*
      * Load the stored X25519 decryption private key
      */
@@ -491,10 +476,10 @@ boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
      * First "element" in the TLV is the curve point (public key)
      */
 
-    bootutil_ecdh_x25519_init(&ecdh_x25519);
+    bootutil_ecdh_x25519_init(&pk_ctx);
 
-    rc = bootutil_ecdh_x25519_shared_secret(&ecdh_x25519, &buf[EC_PUBK_INDEX], private_key, shared);
-    bootutil_ecdh_x25519_drop(&ecdh_x25519);
+    rc = bootutil_ecdh_x25519_shared_secret(&pk_ctx, &buf[EC_PUBK_INDEX], private_key, shared);
+    bootutil_ecdh_x25519_drop(&pk_ctx);
     if (!rc) {
         return -1;
     }